You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@activemq.apache.org by "Jackson, Douglas" <do...@siemens.com> on 2021/05/04 16:54:39 UTC

Usage of xstream in activemq

Hi!
We are wondering the extent of the danger from the usage of xstream in ActiveMQ prior to 5.16.

Is it related only to the ActiveMQ web console?
Does ActiveMQ use blacklists or whitelists?

Is there a way to avoid the security issues posed by the usage of xstream while using the versions of ActiveMQ in which xstream is used?
-Doug

RE: Usage of xstream in activemq

Posted by "Jackson, Douglas" <do...@siemens.com>.

Hi!
Sorry. I did not see it posted so I thought I needed to register.
I registered and sent it again.
-Doug

-----Original Message-----
From: Justin Bertram <jb...@apache.org> 
Sent: Tuesday, May 4, 2021 2:05 PM
To: users@activemq.apache.org
Subject: Re: Usage of xstream in activemq

You sent this message to the list previously, and I responded to your questions on that thread. Please refrain from sending the same message to the list multiple times. Thanks!


Justin

On Tue, May 4, 2021 at 1:57 PM Jackson, Douglas < douglas.s.jackson@siemens.com> wrote:

> Hi!
> We are wondering the extent of the danger from the usage of xstream in 
> ActiveMQ prior to 5.16.
>
> Is it related only to the ActiveMQ web console?
> Does ActiveMQ use blacklists or whitelists?
>
> Is there a way to avoid the security issues posed by the usage of 
> xstream while using the versions of ActiveMQ in which xstream is used?
> -Doug
>

Re: Usage of xstream in activemq

Posted by Justin Bertram <jb...@apache.org>.

You sent this message to the list previously, and I responded to your
questions on that thread. Please refrain from sending the same message to
the list multiple times. Thanks!


Justin

On Tue, May 4, 2021 at 1:57 PM Jackson, Douglas <
douglas.s.jackson@siemens.com> wrote:

> Hi!
> We are wondering the extent of the danger from the usage of xstream in
> ActiveMQ prior to 5.16.
>
> Is it related only to the ActiveMQ web console?
> Does ActiveMQ use blacklists or whitelists?
>
> Is there a way to avoid the security issues posed by the usage of xstream
> while using the versions of ActiveMQ in which xstream is used?
> -Doug
>